Core: a Peer-To-Peer Based Connectionless Onion Router

Total Page:16

File Type:pdf, Size:1020Kb

Core: a Peer-To-Peer Based Connectionless Onion Router Core: A Peer-To-Peer Based Connectionless Onion Router Olaf Landsiedel, Alexis Pimenidis, Klaus Wehrle Heiko Niedermayer, Georg Carle Department for Computer Science Computer Networks and Internet RWTH Aachen, Germany University of Tuebingen, Germany fi[email protected][email protected] Abstract Onion Routing is today’s typical substrate for anonymous near-real-time communication. Via layered encryp- tion, Onion Routers such as TOR [7] or Tarzan [8] build a static tunnel through a peer-to-peer relay network. All traffic exchanged between two end points uses one and the same tunnel, making the design susceptible to attacks based on pattern analysis. Recent publications [12] even extend this theoretical threat by showing the practical feasibility of a pattern analysis attack on the deployed TOR system. In contrast to today’s anonymous communication systems, Core routes each packet a different communication path and so is not susceptible to this class of attacks. Furthermore, inspired by IP-routing the connectionless approach reduces the complexity of the Onion Router. In this paper, we describe the design of our Connectionless Onion Router, evaluate its performance, and address the communication overhead. We present address virtualization to abstract from Internet addresses and to provide transparent application support. Thus, no application-level gateways or proxies are required to sanitize protocols from network level information. Acting as an IP-datagram service, our scheme provides a substrate for anonymous communication to a wide range of applications using TCP and UDP. 1 Introduction Increasing censorship and the erosion of privacy in digital communication and particularly the Internet chal- lenges the freedom of speech. Individual communication and private information is becoming subject to moni- toring and surveillance of government and corporate institutions. Around the world, governments have tried and often succeeded in blocking access to web sites and information considered subversive and not suitable. Even the actions of European and US governments raise questions about privacy and civil liberties; for example, the Federal Bureau of Investigations surveillance system Carnivore, the Patriot Act, and the European Union’s “Convention on Cybercrime”. These give the authorities in the US and the European Union a wide range of powers to intercept, log, and record personal digital communications. The research community proposed Onion Routing [17] as an answer to such challenges to everybody’s privacy. Using Onion Routing, a host can connect to a server through a set of mix relays and thus hide its identity. Layered encryption ensures that each hop in the relay network can only decrypt the address of its successor in the relay chain. When a node communicates to a server, it uses a static route through the mix network. As this route remains the same until the communication between the server and the node has ended, the connection-based design of today’s Onion Routers enables attacks against the user’s anonymity [12] or the recipient’s anonymity [13]. To attack a connection, the adversary applies a traffic pattern to one of the relays of the connection. This pattern then interferes with the communication between the server and the node and can thus be measured at both of them. Instead of using a static route between two nodes, Core routes each packet along a different path to its destination – making pattern attacks, as the one described above, useless. Furthermore, the connectionless design is inspired by the IP-routing in the Internet. Thus, a relay does not maintain state and flow information for the connections as in TOR. This reduces the complexity of the design and the architecture, allowing for small memory footprints and the ease of implementation of Core nodes. The remainder of this paper is structured as follows. First, section 2 addresses related work and discusses the differences to our approach. Section 3 gives a deeper insight into TOR and the pattern-based attack. Next, section 4 presents Connectionless Onion Routing as our solution to this class of attacks and discusses the design challenges we faced. Section 5 discusses anonymous services and section 6 addresses threats to anonymity. Next, section 7 evaluates the performance of the proposed approach. Section 8 discusses future work and concludes the paper. 2 Related Work In this section, we address the shortcomings of today’s near real-time anonymous communication schemes. Their design principle is the Chaumian Mix [4], in which e-mail traffic is forwarded through a set of cascading mixes to hide the sender’s identity. The traffic enters one of the mixes and leaves the mix network at some random point. To reduce the impact of malicious mixes, the route through the mixes is set up via layered encryption. Thus, each mix only can decrypt the information about its successor in the cascade. Based on this design, various systems have been proposed enabling near real-time communication for services like web browsing: Onion Routing [17], TOR [7], Freedom [3] and Web Mixes [2]. They use a static set of relays and therefore suffer from drawbacks like limited scalability and fault tolerance. Furthermore, they are easy to attack via Denial of Service or legal approaches, as the set of mixes is well known. Systems like MorphMix [14] and Tarzan [8] avoid this problem since they are based on peer-to-peer networks. However, they suffer from the dynamics of an overlay network and the limited bandwidth each node can provide. All the above mentioned systems rely on static routes and are thereby susceptible to pattern-based attacks. To our best knowledge, our work is the first to propose Connectionless Onion Routing, i.e. to route each packet along a different path for low latency anonymous networks. The closest work to Core is a theoretical paper by Serjantov and Murdoch [15] about splittinglarge messages in remailer systems [6, 11]. It analyzes the usage of independent routes for each packet of a message to prevent an eavesdropper at the first mix from determining the message size and therefore being able to correlate this with an eavesdropper located near other mix nodes. As nodes are repeatedly used as first relay in a path, the packet flow is exponentially distributed to prevent the first relay from estimating the message size. This theoretical analysis primarily refers to remailer systems. However, in private communication, its authors confirmed that most arguments also apply to onion routing. 3 Background In this section, we present a deeper insight into “The Onion Router” (TOR) and the pattern-based attack. It is necessary to discuss both in more detail as the attack against anonymity is one of the motivations for our work. 3.1 Understanding TOR The TOR network is designed to provide anonymous TCP connections to arbitrary Internet servers. The network consists of hundreds of nodes that relay traffic and thereby hide the stream’s origin. Data flow in TOR is similar to conventional circuit switched networks, as each TOR node represents a switch. The initiator of a TCP stream creates a TOR circuit by connecting to a first randomly selected TOR node (relay). With a Diffie-Hellmann key exchange, both negotiate a secret key and thereby establish a secure channel. Via the relay, the initiator can connect to further TOR nodes and thus build a chain of relays. Commonly, TOR uses three relay nodes. Messages are encrypted multiple times (layered encryption). Each relay removes one layer of encryption to determine its successor and to change the cipher text. Thus, no correlation of incoming and outgoing streams is possible. Furthermore,the layered encryption ensures that each node only knows its successor on the path. The last TOR node in the chain is the exit point. Via this node, the initiator can connect to standard web servers or set up ssh sessions to arbitrary nodes in the Internet. 3.2 Attacking TOR After discussing TOR’s architecture, we introduce the pattern-based attack [12] in this section as an example of an practical and feasible attack on this network. All connections relayed by a TOR node share its limited bandwidth and processing power. For example, when one node relays traffic for two other nodes, they share the available bandwidth equally. Thus, relayed connections interfere with each other. To attack the TOR network, the adversary needs to control a TOR node (the threat model allows for malicious TOR nodes) and send a specific traffic pattern to a selected TOR relay. As the bandwidth of the relay is shared, this traffic pattern will interfere with the existing streams of the node. Therefore, the pattern can be retrieved with conventional traffic-analysis techniques [5] from the nodes that relay the attacked streams. Furthermore, for the same reason it can be seen at the source and destination of the stream. Thus, communication in TOR is not anonymous anymore. The attack is based on the fact that TOR nodes have limited bandwidth which is shared between all relays. Therefore, any participating node can perform this attack, making it possible even for adversaries with few re- sources to threaten anonymous communication in the TOR network. 4 Introducing Core This section introduces our solution to the attacks presented in the previous section. In particular, we discuss the architecture of the Connectionless Onion Router. Today’s Onion Routers operate connection oriented. Thus, when the tunnel is set up, each relay stores session information, e.g. symmetric keys, state information, successor, and predecessor. As Core operates connectionless, such a session setup cannot be done1 and is unnecessary2. Therefore, in Core, each packet needs to maintain the information about all relays in path and the corresponding asymmetric keys. Core uses elliptic curve cryptography based Diffie-Hellman key exchange to generate symmetric keys for de- crypting the information about the successor on each relay.
Recommended publications
  • Pairing-Based Onion Routing with Improved Forward Secrecy ∗
    Pairing-Based Onion Routing with Improved Forward Secrecy ∗ Aniket Kate Greg M. Zaverucha Ian Goldberg David R. Cheriton School of Computer Science University of Waterloo Waterloo, ON, Canada N2L 3G1 {akate,gzaveruc,iang}@cs.uwaterloo.ca Abstract This paper presents new protocols for onion routing anonymity networks. We define a provably secure privacy-preserving key agreement scheme in an identity-based infrastructure setting, and use it to forge new onion routing circuit constructions. These constructions, based on a user’s selection, offer immediate or eventual forward secrecy at each node in a circuit and require significantly less computation and communication than the telescoping mechanism used by Tor. Further, the use of the identity-based infrastructure also leads to a reduction in the required amount of authenticated directory information. Therefore, our constructions provide practical ways to allow onion routing anonymity networks to scale gracefully. Keywords: onion routing, Tor, pairing-based cryptography, anonymous key agreement, forward secrecy 1 Introduction Over the years, a large number of anonymity networks have been proposed and some have been implemented. Common to many of them is onion routing [RSG98], a technique whereby a message is wrapped in multiple layers of encryption, forming an onion. As the message is delivered via a number of intermediate onion routers (ORs), or nodes, each node decrypts one of the layers, and forwards the message to the next node. This idea goes back to Chaum [Cha81] and has been used to build both low- and high-latency communication networks. A common realization of an onion routing system is to arrange a collection of nodes that will relay traffic for users of the system.
    [Show full text]
  • Into the Reverie: Exploration of the Dream Market
    Into the Reverie: Exploration of the Dream Market Theo Carr1, Jun Zhuang2, Dwight Sablan3, Emma LaRue4, Yubao Wu5, Mohammad Al Hasan2, and George Mohler2 1Department of Mathematics, Northeastern University, Boston, MA 2Department of Computer & Information Science, Indiana University - Purdue University, Indianapolis, IN 3Department of Mathematics and Computer Science, University of Guam, Guam 4Department of Mathematics and Statistics, University of Arkansas at Little Rock, AK 5Department of Computer Science, Georgia State University, Atlanta, GA [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] Abstract—Since the emergence of the Silk Road market in Onymous" in 2014, a worldwide action taken by law enforce- the early 2010s, dark web ‘cryptomarkets’ have proliferated and ment and judicial agencies aimed to put a kibosh on these offered people an online platform to buy and sell illicit drugs, illicit behaviors [5]. Law enforcement interventions such as relying on cryptocurrencies such as Bitcoin for anonymous trans- actions. However, recent studies have highlighted the potential for Onymous, along with exit scams and hacks, have successfully de-anonymization of bitcoin transactions, bringing into question shut down numerous cryptomarkets, including AlphaBay, Silk the level of anonymity afforded by cryptomarkets. We examine a Road, Dream, and more recently, Wall Street [6]. Despite these set of over 100,000 product reviews from several cryptomarkets interruptions, new markets have continued to proliferate. The collected in 2018 and 2019 and conduct a comprehensive analysis authors of [7] note that there appears to be a consistent daily of the markets, including an examination of the distribution of drug sales and revenue among vendors, and a comparison demand of about $500,000 for illicit products on the dark web, of incidences of opioid sales to overdose deaths in a US city.
    [Show full text]
  • A Framework for Identifying Host-Based Artifacts in Dark Web Investigations
    Dakota State University Beadle Scholar Masters Theses & Doctoral Dissertations Fall 11-2020 A Framework for Identifying Host-based Artifacts in Dark Web Investigations Arica Kulm Dakota State University Follow this and additional works at: https://scholar.dsu.edu/theses Part of the Databases and Information Systems Commons, Information Security Commons, and the Systems Architecture Commons Recommended Citation Kulm, Arica, "A Framework for Identifying Host-based Artifacts in Dark Web Investigations" (2020). Masters Theses & Doctoral Dissertations. 357. https://scholar.dsu.edu/theses/357 This Dissertation is brought to you for free and open access by Beadle Scholar. It has been accepted for inclusion in Masters Theses & Doctoral Dissertations by an authorized administrator of Beadle Scholar. For more information, please contact [email protected]. A FRAMEWORK FOR IDENTIFYING HOST-BASED ARTIFACTS IN DARK WEB INVESTIGATIONS A dissertation submitted to Dakota State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Cyber Defense November 2020 By Arica Kulm Dissertation Committee: Dr. Ashley Podhradsky Dr. Kevin Streff Dr. Omar El-Gayar Cynthia Hetherington Trevor Jones ii DISSERTATION APPROVAL FORM This dissertation is approved as a credible and independent investigation by a candidate for the Doctor of Philosophy in Cyber Defense degree and is acceptable for meeting the dissertation requirements for this degree. Acceptance of this dissertation does not imply that the conclusions reached by the candidate are necessarily the conclusions of the major department or university. Student Name: Arica Kulm Dissertation Title: A Framework for Identifying Host-based Artifacts in Dark Web Investigations Dissertation Chair: Date: 11/12/20 Committee member: Date: 11/12/2020 Committee member: Date: Committee member: Date: Committee member: Date: iii ACKNOWLEDGMENT First, I would like to thank Dr.
    [Show full text]
  • Optical Onion Routing
    Optical Onion Routing Anna Engelmann and Admela Jukan Technische Universitat¨ Carolo-Wilhelmina zu Braunschweig, Germany Email: fa.engelmann, [email protected] Abstract—As more and more data is transmitted in the depend on number and dependability of volunteer systems, configurable optical layer, – whereby all optical switches forward the privacy features in optical network need to be approached packets without electronic layers involved, we envision privacy as differently: for instance, it is a telecom operator that should the intrinsic property of future optical networks. In this paper, we be able offer a private optical communication service as a propose Optical Onion Routing (OOR) routing and forwarding value added feature. For instance, for some client networks techniques, inspired by the onion routing in the Internet layer, - an optical network can grant anonymous access to third-party the best known realization of anonymous communication today, – but designed with specific features innate to optical networks. servers in the cloud, whereby the traffic contents and the origin We propose to design the optical anonymization network system of requests can remain secret for both the attacker as well as with a new optical anonymization node architecture, including the cloud provider. In designing an anonymous optical network the optical components and their electronic counterparts to akin to Tor, however, several obstacles need to be overcome, realize layered encryption. We propose modification to the secret since the main features need to be primarily implemented in key generation using Linear Feedback Shift Register (LFSR), – photonics, i.e., without intervention of electronics, such as able to utilize different primitive irreducible polynomials, and encryption, traffic routing, and session key distribution.
    [Show full text]
  • Walking Onions: Scaling Anonymity Networks While Protecting Users
    Walking Onions: Scaling Anonymity Networks while Protecting Users Chelsea H. Komlo Nick Mathewson Ian Goldberg University of Waterloo The Tor Project University of Waterloo Abstract Anonymity networks in practice [13] have prevented these Scaling anonymity networks offers unique security chal- attacks by requiring all participants to share a globally consis- lenges, as attackers can exploit differing views of the net- tent view of the entire state of the network, and giving clients work’s topology to perform epistemic and route capture at- complete control over selecting relays for their paths. While tacks. Anonymity networks in practice, such as Tor, have this approach prevents the described attacks, requiring a glob- opted for security over scalability by requiring participants ally consistent view results in quadratic bandwidth growth as to share a globally consistent view of all relays to prevent the number of clients increases [26], because the number of these kinds of attacks. Such an approach requires each user relays must also increase to provide more capacity, and all to maintain up-to-date information about every relay, causing parties must download information about all relays. While the total amount of data each user must download every epoch today’s Tor network requires only approximately half a per- to scale linearly with the number of relays. As the number cent of its total bandwidth to serve network state [39, 41], of clients increases, more relays must be added to provide increasing the number of clients and relays by one order of bandwidth, further exacerbating the total load on the network. magnitude would result in the consumption of roughly five In this work, we present Walking Onions, a set of proto- percent of the network’s (ten times larger) total bandwidth cols improving scalability for anonymity networks.
    [Show full text]
  • Technical and Legal Overview of the Tor Anonymity Network
    Emin Çalışkan, Tomáš Minárik, Anna-Maria Osula Technical and Legal Overview of the Tor Anonymity Network Tallinn 2015 This publication is a product of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre). It does not necessarily reflect the policy or the opinion of the Centre or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication. Digital or hard copies of this publication may be produced for internal use within NATO and for personal or educational use when for non- profit and non-commercial purpose, provided that copies bear a full citation. www.ccdcoe.org [email protected] 1 Technical and Legal Overview of the Tor Anonymity Network 1. Introduction .................................................................................................................................... 3 2. Tor and Internet Filtering Circumvention ....................................................................................... 4 2.1. Technical Methods .................................................................................................................. 4 2.1.1. Proxy ................................................................................................................................ 4 2.1.2. Tunnelling/Virtual Private Networks ............................................................................... 5
    [Show full text]
  • Defending Against Malicious Cyber Activity Originating From
    TLP:WHITE Product ID: A20-183A July 1, 2020 Defending Against Malicious Cyber Activity Originating from Tor This advisory—written by the Cybersecurity Security and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI)—highlights risks associated with Tor, along with technical details and recommendations for mitigation. Cyber threat actors can use Tor software and network infrastructure for anonymity and obfuscation purposes to clandestinely conduct malicious cyber operations.1,2,3 Tor (aka The Onion Router) is software that allows users to browse the web anonymously by encrypting and routing requests through multiple relay layers or nodes. This software is maintained by the Tor Project, a nonprofit organization that provides internet anonymity and anti-censorship tools. While Tor can be used to promote democracy and free, anonymous use of the internet, it also provides an avenue for malicious actors to conceal their activity because identity and point of origin cannot be determined for a Tor software user. Using the Onion Routing Protocol, Tor software obfuscates a user’s identity from anyone seeking to monitor online activity (e.g., nation states, surveillance organizations, information security tools). This is possible because the online activity of someone using Tor software appears to originate from the Internet Protocol (IP) address of a Tor exit node, as opposed to the IP address of the user’s computer. CISA and the FBI recommend that organizations assess their individual risk of compromise via Tor and take appropriate mitigations to block or closely monitor inbound and outbound traffic from known Tor nodes. 1 CISA Alert published April 2020: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching.
    [Show full text]
  • El Gamal Mix-Nets and Implementation of a Verifier
    KTH Royal Institute of Technology School of Computer Science and Communication El Gamal Mix-Nets and Implementation of a Verifier SA104X Degree Project in Engineering Physics Erik Larsson ([email protected]) Carl Svensson ([email protected]) Supervisor: Douglas Wikstr¨om Abstract A mix-net is a cryptographic protocol based on public key cryptography which enables untraceable communication through a collection of nodes. One important application is electronic voting where it enables the construction of systems which satisfies many voting security requirements, including veri- fiability of correct execution. Verificatum is an implementation of a mix-net by Douglas Wikstr¨om. This report concerns the implementation of a verifier and evaluation of the implementation manual for the Verificatum mix-net. The purpose of the document is to enable third parties to convince themselves that the mix- net has behaved correctly without revealing any secret information. This implementation is a simple version of the verifier using the document and some test vectors generated by the mix-net. The document contains all information but there are still some possibilities for further clarification in order to make it comprehensible to a larger audience. Contents 1 Introduction 2 1.1 Verificatum . 2 1.2 Goals and Scope . 3 2 Background 3 2.1 El Gamal Cryptography . 3 2.1.1 Definition . 4 2.1.2 Security . 4 2.1.3 Properties . 5 2.2 Cryptographic Primitives . 6 2.2.1 Hash functions . 6 2.2.2 Pseudo Random Generators . 6 2.2.3 Random Oracles . 7 2.3 Mix Networks . 7 2.3.1 Overview . 7 2.3.2 El Gamal Mix-Nets .
    [Show full text]
  • Multiparty Routing: Secure Routing for Mixnets
    Multiparty Routing: Secure Routing for Mixnets Fatemeh Shirazi Elena Andreeva Markulf Kohlweiss Claudia Diaz imec - COSIC KU Leuven imec - COSIC KU Leuven Microsoft Research imec - COSIC KU Leuven Leuven, Belgium Leuven, Belgium Cambridge, UK Leuven, Belgium Abstract—Anonymous communication networks are impor- re-mailer, Freenet [5], [6] used for anonymous file-sharing, and tant building blocks for online privacy protection. One approach DC-Nets [7] that can be deployed for broadcast applications to achieve anonymity is to relay messages through multiple such as group messaging. routers, where each router shuffles messages independently. To achieve anonymity, at least one router needs to be honest. The goal of ACNs is to anonymize communications by In the presence of an adversary that is controlling a subset relaying them over multiple routers. There are three main types of the routers unbiased routing is important for guaranteeing of anonymous routing in terms of how routers are chosen to anonymity. However, the routing strategy also influenced other form the path. factors such as the scalability and the performance of the system. One solution is to use a fixed route for relaying all messages First, in deterministic routing, the paths are predetermined with many routers. If the route is not fixed the routing decision by the system configuration. Chaum’s original ACN pro- can either be made by the communication initiator or the posal [1] considered a sequence of mixes organized in a intermediate routers. However, the existing routing types each cascade. Systems that adopted the cascade network topology have limitations. For example, one faces scalability issues when in their designs include JAP [8], and voting systems, such as increasing the throughput of systems with fixed routes.
    [Show full text]
  • Provably Secure and Practical Onion Routing
    Provably Secure and Practical Onion Routing Michael Backes Ian Goldberg Saarland University and MPI-SWS, Germany University of Waterloo, Canada [email protected] [email protected] Aniket Kate Esfandiar Mohammadi MPI-SWS, Germany Saarland University, Germany [email protected] [email protected] Abstract The onion routing network Tor is undoubtedly the most widely employed technology for anony- mous web access. Although the underlying onion routing (OR) protocol appears satisfactory, a comprehensive analysis of its security guarantees is still lacking. This has also resulted in a sig- nificant gap between research work on OR protocols and existing OR anonymity analyses. In this work, we address both issues with onion routing by defining a provably secure OR protocol, which is practical for deployment in the next generation Tor network. We start off by presenting a security definition (an ideal functionality) for the OR methodology in the universal composability (UC) framework. We then determine the exact security properties required for OR cryptographic primitives (onion construction and processing algorithms, and a key exchange protocol) to achieve a provably secure OR protocol. We show that the currently deployed onion algorithms with slightly strengthened integrity properties can be used in a provably secure OR construction. In the process, we identify the concept of predictably malleable symmetric encryptions, which might be of independent interest. On the other hand, we find the currently deployed key exchange protocol to be inefficient and difficult to analyze and instead show that a recent, significantly more efficient, key exchange protocol can be used in a provably secure OR construction.
    [Show full text]
  • How Do Tor Users Interact with Onion Services?
    How Do Tor Users Interact With Onion Services? Philipp Winter Anne Edmundson Laura M. Roberts Princeton University Princeton University Princeton University Agnieszka Dutkowska-Zuk˙ Marshini Chetty Nick Feamster Independent Princeton University Princeton University Abstract messaging [4] and file sharing [15]. The Tor Project currently does not have data on the number of onion Onion services are anonymous network services that are service users, but Facebook reported in 2016 that more exposed over the Tor network. In contrast to conventional than one million users logged into its onion service in one Internet services, onion services are private, generally not month [20]. indexed by search engines, and use self-certifying domain Onion services differ from conventional web services names that are long and difficult for humans to read. In in four ways; First, they can only be accessed over the Tor this paper, we study how people perceive, understand, and network. Second, onion domains are hashes over their use onion services based on data from 17 semi-structured public key, which make them difficult to remember. Third, interviews and an online survey of 517 users. We find that the network path between client and the onion service is users have an incomplete mental model of onion services, typically longer, increasing latency and thus reducing the use these services for anonymity and have varying trust in performance of the service. Finally, onion services are onion services in general. Users also have difficulty dis- private by default, meaning that users must discover these covering and tracking onion sites and authenticating them. sites organically, rather than with a search engine.
    [Show full text]
  • Walking Onions: Scaling Anonymity Networks While Protecting Users Chelsea H
    Walking Onions: Scaling Anonymity Networks while Protecting Users Chelsea H. Komlo, University of Waterloo; Nick Mathewson, The Tor Project; Ian Goldberg, University of Waterloo https://www.usenix.org/conference/usenixsecurity20/presentation/komlo This paper is included in the Proceedings of the 29th USENIX Security Symposium. August 12–14, 2020 978-1-939133-17-5 Open access to the Proceedings of the 29th USENIX Security Symposium is sponsored by USENIX. Walking Onions: Scaling Anonymity Networks while Protecting Users Chelsea H. Komlo Nick Mathewson Ian Goldberg University of Waterloo The Tor Project University of Waterloo Abstract Anonymity networks in practice [13] have prevented these Scaling anonymity networks offers unique security chal- attacks by requiring all participants to share a globally consis- lenges, as attackers can exploit differing views of the net- tent view of the entire state of the network, and giving clients work’s topology to perform epistemic and route capture at- complete control over selecting relays for their paths. While tacks. Anonymity networks in practice, such as Tor, have this approach prevents the described attacks, requiring a glob- opted for security over scalability by requiring participants ally consistent view results in quadratic bandwidth growth as to share a globally consistent view of all relays to prevent the number of clients increases [26], because the number of these kinds of attacks. Such an approach requires each user relays must also increase to provide more capacity, and all to maintain up-to-date information about every relay, causing parties must download information about all relays. While the total amount of data each user must download every epoch today’s Tor network requires only approximately half a per- to scale linearly with the number of relays.
    [Show full text]